World Privacy Forum responds to June 2007 NCVHS recommendations to the Secretary of HHS regarding health care information at non-HIPAA covered entities

Medical privacy | NCVHS | HIPAA — The World Privacy Forum has sent a letter to Dr. Simon P. Cohn, Chairman of the National Committee on Vital and Health Statistics, supporting the Committee’s formal conclusion that all entities that create, compile, store, transmit, or use personally identifiable health information should be covered by a federal privacy law. More needs to be done about health care data that is left unprotected by HIPAA. The Forum’s letter included a discussion of two HHS programs that operate outside of HIPAA: FDA RiskMAPS, and the National Institutes of Health, which is not a covered entity under HIPAA.

This new WPF report finds that medical identity theft is still a crime that causes great harms to its victims, and that it is growing overall in the United States; however, there’s a catch. The national consumer complaint data suggests that the crime is growing at different rates in different states and regions of the US, creating medical identity theft “hotspots.” These hotspots are important for patients, policymakers, and healthcare stakeholders to know about so as to address potential risks.

WPF has conducted original research on India's Aadhaar, a national biometric ID system, including field research in India during 2010-2014. WPF has published the original research in a peer-reviewed journal, Nature-Springer, and in Harvard-based Journal of Technology Science. The research found that systemic challenges to data protection and privacy exist in the Aadhaar system, challenges which do have potential remedies. Key lessons can be learned for both the US and the EU as biometric systems grow in popularity.